27 lines
1.5 KiB
Diff
27 lines
1.5 KiB
Diff
diff -up ./init/fapolicyd.rules.known-libs.root ./init/fapolicyd.rules.known-libs
|
|
--- ./init/fapolicyd.rules.known-libs.root 2020-11-06 22:38:10.308866211 +0100
|
|
+++ ./init/fapolicyd.rules.known-libs 2020-11-06 22:39:17.857469844 +0100
|
|
@@ -6,8 +6,7 @@
|
|
%languages=application/x-bytecode.ocaml,application/x-bytecode.python,application/java-archive,text/javascript,text/x-awk,text/x-gawk,text/x-java,text/x-lisp,text/x-lua,text/x-m4,text/x-perl,text/x-php,text/x-python,text/x-R,text/x-ruby,text/x-script.guile,text/x-tcl,text/x-luatex,text/x-systemtap
|
|
|
|
# Carve out an exception for dracut initramfs building
|
|
-allow perm=any uid=0 : dir=/var/tmp/
|
|
-allow perm=any uid=0 trust=1 : all
|
|
+allow perm=any uid=0 : all
|
|
|
|
# Prevent execution by ld.so
|
|
deny_audit perm=any pattern=ld_so : all
|
|
diff -up ./init/fapolicyd.rules.restrictive.root ./init/fapolicyd.rules.restrictive
|
|
--- ./init/fapolicyd.rules.restrictive.root 2020-11-06 22:38:14.562904224 +0100
|
|
+++ ./init/fapolicyd.rules.restrictive 2020-11-06 22:38:58.440296333 +0100
|
|
@@ -18,8 +18,7 @@
|
|
%languages=application/x-bytecode.ocaml,application/java-archive,text/javascript,text/x-java,text/x-lisp,text/x-lua,text/x-m4,text/x-perl,text/x-php,text/x-R,text/x-ruby,text/x-script.guile,text/x-tcl,text/x-luatex,text/x-systemtap
|
|
|
|
# Carve out an exception for dracut
|
|
-allow perm=any uid=0 : dir=/var/tmp/
|
|
-allow perm=any uid=0 trust=1 : all
|
|
+allow perm=any uid=0 : all
|
|
|
|
# Prevent execution by ld.so
|
|
deny_audit perm=any pattern=ld_so : all
|